I understand that it’s important to keep known identities separate to pseudonyms but what is the actual downside to doing this? I have set up most accounts using my actual IP address anyway so I’m curious what’s the downside, apart from having known identities tied to another IP / be de-anonymised which services have other ways of tracking de-anonymising or tracking anyway.
I’d be able to use split tunneling on mobile as the apps are separate.
Is there a use case where a VPN wouldn’t be required? I use one for certain things but not everything and ideally I’d want to protect against other trackers and my ISP along with location based tracking using IP such as gaming and other services.
Attribution of your real one to others. It defeats the purpose of pseudonyms.
The “damage” is already done. But depending on what those accounts are and your threat model, it no longer may be important and you can still continue obfuscating with a good VPN.
Not sure what you mean here and why.
It depends. If the app you need it to work needs to know your real location or IP, then a VPN can be temporarily disabled or split tunneled.
I recommend always keeping your VPN on then. No harm in it unless there’s a very particular reason you need to turn it off even temporarily. And please use a reputable trustworthy VPN.
This is more of a forward thought: if I was to use a VPN it would be easier on mobile because most services have apps, and for ones where I’d need to use my real identity I can use split tunneling.
How would you split tunnel on the same browser, if that’s even possible?
I’ve previously used Proton but I’ve been thinking about Mullvad.
My threat model is reducing reliance on big tech / surveillance capitalism, however as most people were / are ingrained in different big tech’s ecosystems, which in my case is Google and Microsoft and I’ve got to a comfortable point where I gave up / stopped trying to go further.
Is there much point me using a VPN generally speaking? I’m not entirely sure. (this probably isn’t a good place to start)
If I were to use it day to day it would be to reduce tracking and to stop my ISP knowing everything I search and maybe adblocking but that could be done with DNS (I’m aware HTTPS does some of that already). It would be helpful when gaming to stop those services getting my IP especially in online gaming. I know I could use something like rethinkDNS instead of a VPN but from what I understand a VPN is a better way of reducing what your ISP will see.
Sorry if this is a long wall of text I’m just trying to explain my thoughts on things.
You’ll first need to know what a VPN is for and can do and what it is not for. If you want to obfuscate your ISP and your government from knowing where you go online? Use a VPN. If you’re okay with otherwise, don’t use it. ISPs and governments will know where you go but they won’t know what you do on it (since you’re protected by HTTPS anyway).
But I would say use a VPN. It doesn’t hurt you and that additional obfuscation (coupled with hardened browser settings such that cookies and site data are cleared/deleted upon every browser quit) is one of the best and easiest things you can do against big tech from making profiles of you to track you across the internet.
Seems like you already know the basics of VPN usage. So, it’s really up to you to go the way you want and how. I always use a VPN with kill switch enabled for my use case and my country currently.
Those are very simplistic ways to put it. Not necessarily wrong but not entirely accurate either. And don’t think that’s exactly how one should think of it.
I’ve not been doing this currently I’ve been using a single browser for most things and certain things in another browser / VMs. My issue with clearing cookies and data which is a good way of stopping being tracked is signing back into accounts each time, I know this is a pain but I’d be gaining that privacy of not being tracked or being tracked less. I don’t suppose anyone has a solution to this? I use a password manager for most accounts.
I know this sounds like I’m reluctant to change which I’m not against it I’m just explaining and it sounds like I’m probably going about things the wrong way, probably because I am.
You can have exceptions for websites you trust to be signed into and not clear cookies for all the time. So, it clears everything else but these sites. And that’s a good middle ground/solution for you.
Why not for all your accounts and even your banking info and what not? If you use the right one, it is an excellent piece of software to keep your info safe and secure.
I didn’t know this was possible I will look into this as it’s a good middle ground thank you.
Mostly in case the password manager gets compromised I wouldn’t lose access to all accounts which I know anyone can’t say for certain your account won’t get compromised or if it will.
I use Proton Pass for reference.
It’s easiest to do and manage in Firefox and its derivatives. Possible on Brave too but keeping track is a manual activity.
That’s why using the right one is key. Proton Pass is a great option and that’s what I recommend. Albeit, 1Password works just as well and they are a security company.
And you’re welcome. Feel free to ask more questions - that’s how you/one learns.
Thanks for your help, I will look into getting Mullvad. I’m guessing you’d recommend storing your account number in your password manager.
With regards to payment I’m not too fussed about it being anonymous, what method would you recommend? As I know Mullvad allow vouchers which can be bought through Amazon and the use of credit cards.
Somewhat off topic what security key would you recommend? As I’ve been looking for a while and couldn’t make up my mind on a brand or type as Yubikey looks good but the lack of firmware updates for vulnerabilities.
Yes. Better than forgetting it if you only memorize it.
If you have BTC or XMR, then that. If not, just use your card since you’re not fussy about it.
Nitrokey and Yubikey are both great. If you plan to use passkeys, I am currently recommending only software passkeys as they are easier to manage and maintain. Plus, they are not expensive. If not, then either works. Just read up on the pros and cons and how to best set up and use them.
I also recommend setting up your standard 2FA with TOTP as a backup if passkeys don’t work or if you lose your security keys. TOTP can also be used for an average threat model in your password manager itself but folks here get picky and particular when some recommend using your password manager for it. I think it’s totally okay. But if you want to use a different app, Ente Auth is the one to go with. Proton Authenticator can also be used.
Hope that answers all your questions but you may keep asking more.
For a couple of years now (!) Rethink has supported importing WireGuard configuration to connect to any public VPN that lets you export WireGuard configurations (Windscribe, Amnezia, Proton, and Mullvad do).
Go to Configure → Proxy → Setup WireGuard and then look for the + floating action button in the footer. Tap on it to import a downloaded WireGuard config or scan a QR code of the WireGuard config, or type it out manually.
And since Aug this year, Rethink can multi-hop / multi-relay 2 different WireGuards. For instance, if you import Windscribe, and Proton configs, you can:
Multi-party: Exit Proton over Windscribe (or vice versa).
Multi-hop: Exit Proton US server over Proton’s Swiss server.
See step-by-step instructions for importing Proton WireGuard configs on our subreddit: Proton VPN : rethinkdns (mirror).
Can’t call it a benefit really, but since Rethink’s primary use is a firewall, it has more “network monitoring” features than popular VPN apps (that focus more on anti-censorship and geo-unblocking side of things).
Rethink can run multiple WireGuard tunnels at the same time. This means, you can connect to any number of different providers / countries and split route apps between those tunnels.
Since v055u (launched last month), Rethink has Mobile / WiFi (SSID) automation (turn ON / OFF a particular WireGuard based on SSIDs for WiFi / if using Mobile data).
And as noted above, Rethink implements multi-hop / multi-party in the client. A net outcome of that is, you can do funny things like use Proton’s EU servers as exit and Proton’s US servers as a hop (relay); or use any Mullvad server as a hop and any Windscribe server as exit.
Also, if those clients don’t support custom DNS (most of the popular VPN apps do), Rethink will let you set any upstream DNS (including DNSCrypt with Anonymizing Relays or Oblivious DNS over HTTPS endpoints) up alongside the WireGuard tunnels.
There’s downsides too; for example, in terms of anti-censorship features: Proton implements WireGuard over TCP/TLS aka “Stealth” (that Rethink doesn’t support), Mullvad implements QUIC-based obfuscation / Shadowsocks / DAITA (which Rethink doesn’t support), Windscribe implements Websockets-based transport and Amnezia1.5 modifications to WireGuard (again, no support for it in Rethink).
Thank you! The benefits are certainly present and can be used for folks who are particular about their VPNs and network connections.
I’ll give this a try in a separate profile to see how well it works. While WireGuard works just fine where I am, it can at any time become a hindrance so having obfuscation options does help.
On the topic of VPNs does Mullvad have anything similar to Proton’s stealth feature for anti-censorship / obfuscation? I’m not in a country where this would be needed as such but in the future who knows.
I had used rethinkdns in the past briefly but I decided to download it again, I like the way I can dial down to stop websites that are broken / some features don’t work when I have DNS settings setup how I do and I can allow certain sites or connections / apps and IPs. It’s a learning experience, are there any specific settings you’d recommend?
You didn’t ask me but figured I’d answer anyway. Yes, Mullvad has 4 obfuscation options, by far the most among any VPNs I know of. And as someone who sometimes needs to use them, they work well even though they come at the cost of speed at times.